02-14-2015 02:00 PM - edited 03-11-2019 10:30 PM
Two questions:
1). In my processes table I see the following:
Name | Description | Protocol | Port | Local Address | Foreign Address |
---|
ntpclient | NTP Client | udp | 13531 | (my WAN IP number) | 218.75.4.130 |
I have another ntpclient to the expect time server. But the one listed above is located in CHINA, (at least the registration). I haven't knowingly set this up. How did it get in my Processes table and should it be a security concern?
2). Can entire countries be blocked? I'm thinking it's impractical to do by registered IP ranges; is there another way? My concern is that I have no legitimate business reason to connect with certain countries most know for sourcing hacking attacks of various types. It seems if I block them, it can reduce the risk of successful attacks to my network. I understand that IP can be spoofed so this would not guarantee blocking attacks originating from those countries, but if it can help to reduce attacks to my network, I would like to implement the blocking.
02-16-2015 07:28 AM
You can block by country with the Sourcefire module.
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-732253.html
03-08-2015 08:22 PM
Do I understand the recommendation correctly that to block countries is to buy more software? I was hoping for an answer that indicates basic firewall settings to block countries. It seems many of the routers have firewall or filter settings; that is what I was thinking about. For example, settings for any of Cisco's line of Small Business routers.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide